20 Cybersecurity Terms Everyone Should Know

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Get your head around these IT security terms and you’re well on your way to protecting your company, says Laurance Dine, managing principal at Verizon Enterprise Solutions

Do you know what a detection deficit is? Do you know the difference between a malware and crimeware?

For those of you not working directly in cybersecurity, these terms might not mean much to you now, but when your organisation is faced with a potential data breach (and it’s typically not a matter of if you get breached, but when), you’re going to want to understand what’s going on.

To help, here are 20 key cybersecurity terms that you should know in order to keep your enterprise systems secure.

1. Detection deficit – Time it takes to discover a breach from the time of compromise.

2. Malware – Categorical term for various forms of malicious software designed to damage or access computers without knowledge of the owner.

3. Crimeware – A specific classification of malware designed for the sole purpose of conducting illegal activity.

5. Keylogger malware – This malware installs as a result of clicking when browsing the web or downloading software. Once installed, it tracks all of the user’s keystrokes and sends that information to a remote service. This may include logins, emails and anything else typed in to the keyboard.

6. Exploit kits – Think of it as a pre-packaged cyberattack for dummies. Varying in complexity and targeted vulnerability the key characteristic is the easy-to-use nature of the kit. Unsophisticated attackers who lack expertise in IT or cybersecurity will typically find a user-friendly interface to initiate and manage the attack.

7. CVE – Common Vulnerabilities and Exposures is a dictionary of publicly known information about security vulnerabilities and exposures.

8. CVSS – Common Vulnerability Scoring System is designed to provide an open and standardized method for rating IT vulnerabilities.

9. JBOH – Java-Script-Binding-Over-HTTP, which enables an attacker to execute code remotely on Android devices that have affected apps.

10. IDS or IPS – Intrusion Detection Systems or Intrusion Prevention Systems may come in the form of a software application or device used to monitor a specific system or network for signs of malicious activities.

11. VERIS – Vocabulary for Event Recording and Incident Sharing is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner.

12. POS intrusions – Point-of-sale intrusions are attacks that occur on the device transacting a sale. The device may be various forms of digital cash registers used across many industries.

13. Payment Card Skimmers – Malicious card readers that cybercriminals place on payment terminals, ATM’s or anywhere a credit card swipe occurs to copy the data from the magnetic strip on the card.

14. Web App Attack – A web-based cyberattack that can take various forms but is commonly defined by its use of the https or http protocol. The attack typically targets the website’s security or performance and, in some cases, can take the entire site down.

15. DDoS Attack – A distributed denial-of-service attack is an attempt to make an online resource unavailable to users by overwhelming the resource with maliciously generated traffic.

16. Phishing – An attempt to fraudulently obtain confidential information by posing as a legitimate company, usually a financial organisation, via an email message.

17. Cyberespionage – The act of stealing confidential information digitally stored on computers or networks within a government or organisation.

18. Botnet – Malware infected computers grouped together to form a network and controlled remotely. These networks can be recruited by the controller in a DDoS attack or to send spam emails.

19. Ransomware – Malware specifically designed to block access to systems or information until a ransom is paid.

20. Clickfraud – The act of registering artificially inflated clicks within a pay-per-click (PPC) online advertising campaign. Clicks are typically generated through the use of a person or computer program.